I am a network security engineer and when a problem was escalated to me, I didn't believe it at first but now after seeing it, I do.
My network is infected with bad IP addresses. We are using static IP addresses at the moment.
Suddenly, a user complains of not being able to access certain websites like yahoomail.com, optonline.net and probably 1-2 others.
I visit this user's desk and to find out if it's a computer problem or not, I plug in my laptop and use her IP address. We have no gateway URL filtering product and use a PIX firewall to connect to the internet. I have rebooted all these network devices and the problem still exists.
The DNS resolution is working fine as I can see packets in my sniffer go to the right IP address but nothing comes back. This happens approximately every 2 weeks with a different computer each time and all I have to do to resolve it is give the computer another IP address.
This problem is not website-centric but it also happened while I was trying to access a share on a server. With IP 10.1.1.25, I couldn't access the share but with IP 10.1.1.26, I could. I gave the .25 IP to another computer and it too couldn't access the server. Of course, I did reboot the server and even flushed out its ARP entries, etc.
Can this be the weirdest virus ever? I don't think I can resolve this problem unless somebody else has faced it and gotten to learn the mystery.